This document provides you the steps for integrating SafeNet Authentication Service (SAS) with a Luna HSM. It demonstrates how to configure a SafeNet Authentication Service (SAS) to secure the AES encryption key within a Luna HSM. Thales Luna HSM is an external hardware security module that is available for use with SafeNet Authentication Service (SAS). Luna HSM with SAS is used to secure encryption keys that protect sensitive data. Multiple Luna HSMs can be configured as a High Availability (HA) group with SAS that ensure the availability of encryption keys.

The benefits of using a Luna HSM to generate the encryption key to protect sensitive data for SafeNet Authentication Service (SAS) include:

• Secure generation, storage and protection of the private keys on FIPS 140-2 level 3 validated hardware.
• Full life cycle management of the keys.
• HSM audit trail.
• Significant performance improvements by off-loading cryptographic operations from servers.

Supported platforms

List of the platforms which are tested with the following HSMs:

Thales Luna HSM: Thales Luna HSM appliances are purposefully designed to provide a balance of security, high performance, and usability that makes them an ideal choice for enterprise, financial, and government organizations. Luna HSMs physically and logically secure cryptographic keys and accelerate cryptographic processing.

The Thales Luna HSM on premise offerings include the Luna Network HSM, PCIe HSM, and Luna USB HSMs. Luna HSMs are also available for access as an offering from cloud service providers such as IBM cloud HSM and AWS cloud HSM classic.

The following platforms are supported:

Any Luna HSM version is subjected to support this integration if it is used with supported Luna Client.